Changelog of SSG BETA-version

1. [BRAS] Support for L2TP termination
2. [BRAS] Support for DHCP-Dual
3. [DPI] Migration to DPDK 24.11, support for new NICs (Intel E830 200G, Intel E630, Napatech SmartNIC)
4. [CLI] Added support for subs_id in commands: dhcp show, dhcp reauth, dhcp6 show, dhcp6 reauth, and dhcp disconnect

1. [DPI] New protocols added: AGORA_STREAMS(49314), AZAR_CALL(49315), WECHAT_CALL(49316), TEAMS_CALL(49317). List of protocols
2. [DPI] Improved support for LINE_CALL, VYKE_CALL protocols. List of protocols
3. [DPI] Fixed smartdrop behavior
4. [DPI] Added validation for complex protocols. List of protocols
5. [DPDK] Increased the maximum number of dispatchers to 32
6. [IPFIX/Netflow] Added the ability to change IPFIX/Netflow parameters without restarting fastDPI. A new config parameter ipfix_reserved has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI.
7. [FastRadius] It is now possible to set both bind_ipv6_address and bind_ipv6_subnet. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the bind_ipv6_subnet restriction.
8. CLI command dev info now includes the name of the LAG that the port belongs to
9. [PCRF][PPP][Framed-pool] Added: DHCP option Client-Id now includes tunnel-IP as part of the subscriber ID. Format of DHCP option Client-Id with fastpcrf.conf option dhcp_client_id=1 is as follows:

        [conntype][subs_id][tunnel_ip]
   
        conntype = 1 (1 byte)
        subs_id  - 16 bytes
        tunnel_ip - 4 bytes

   Tunnel IP is available in L2TP; for PPPoE, tunnel IP = 0.

10. [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT
11. [IPFIX] Added parameter ipfix_mtu_limit to restrict maximum message size for IPFIX UDP packets
12. [IPFIX DNS] New elements added to IPFIX DNS: 224 (ipTotalLength) and 43823:3206 (DNS transaction id)
13. [VRRP] Fixed proper handling of the vrrp_enable option change
14. [BRAS][PPP] PPP session key is now compound: l2subs_id + tunnel-IP. For PPPoE sessions, tunnel IP = 0. CLI commands that use subs_id as a key (subs prop show, l2tp show session, l2tp term, etc.) may now return multiple entries with the same l2subs_id.

1. [DPI] Added cloud protocols with identifiers 55296..58367
2. [IPFIX] Fixed IPFIX exporter reinitialization bugs
3. [BRAS][subs_grooming] Fixed potential crash due to race condition during fastDPI shutdown
4. [CLI] Added commands to display mempool properties and statistics

       hal mempool props
       hal mempool stat

   DPDK must be built with statistics collection enabled to display mempool stats

5. [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options
6. [PCRF][Acct] Fixed: Interim-Update sending is now disabled when Acct-Interim-Interval = 0 is explicitly set in the RADIUS response
7. [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required)
8. [SNMP] Created a module for monitoring system components via SNMP

1. [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)
2. [Router] Announcing subscriber white addresses for 1:1 NAT individually and after authentication
3. [PCRF] Added support for service 19 "DNS spoofing", profile required.
4. [DPDK] Added dpdk_engine=6 (mqrx-bridge) — number of RSS dispatchers per bridge. Total number of dispatchers = dpdk_rss * number of bridges. NIC configuration: RX queue count = dpdk_rss, TX queue count = number of worker threads (num_threads). Intended for setups with many bridges (dev1:dev2:dev3:…) for 100G+ NICs, as a replacement for the cluster approach. On-stick devices are supported.
5. [DPDK] Removed dedicated mempools. The fastdpi.conf option dpdk_emit_mempool_size is deprecated and no longer used.
6. [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command vlan group were converted and moved from UDR to SDR, with removal from UDR.
7. [VLAN] VLAN rules — added CLI commands:
   1. vlan rule add - add new rule to SDR
   2. vlan rule modify - modify existing rule in SDR
   3. vlan rule delete - delete rule from SDR
   4. vlan rule show - show all rules for the specified VLAN/QinQ
   5. vlan rule dump - dump all rules in SDR
   6. vlan rule purge vlan/qinq/all - clear SDR for VLAN/QinQ or both
   7. vlan rule apply - apply rules; by default, rules are applied 5 minutes after the last SDR modification
8. [IPv6] Added direction detection in combined traffic (IN+OUT on one port) based on the local flag for IP addresses. Enabled via combined_io_direction_mode option

1. [BRAS] Fixed compatibility with the old format of service 18, where there were fewer protocols and both fields in the profile needed to be filled
2. [DPI] Lowered detection priority for telegram_tls

1. [DPI] Improved detection of WECHAT and WECHAT_CALL
2. [BRAS][Framed-Route] Fixed: possible crash when freeing memory
3. [BRAS] Refactored PCRF connectivity: in the new implementation, all connections are equal; an error on any triggers reconnection of all connections and a switch to another PCRF. Added CLI commands:
   1. pcrf connect show — show current status and accumulated statistics for PCRF connections.
   2. Force connection to the specified PCRF pcrf connect switch [<pcrf_index>], where <pcrf_indxed> is the index of the connection line in the auth_server parameter. If <pcrf_indxed> is not specified — defaults to 0.
4. [IPFIX DNS] Added the ability to send DNS MX responses via IPFIX. Enabled by setting bit 3 (4) of the ajb_save_dns parameter

1. [DPI] Added FakeTLS protocol (49319) with validation
2. [BRAS][DHCP] Changed: sliding window algorithm for rate limit
3. [BRAS] Fixed: time comparison error when loading ip_prop from UDR
4. [VLAN-Rule] Added support for 'any' instead of '*' when describing VLAN range

   '*.*' is interpreted in bash command line as a file search mask, so now instead of '*', you can specify 'any' ('*' is still supported):
   'any.any' - equivalent to '*.*'
   'any' - equivalent to '*'
   '68.any' - equivalent to '68.any'
   'any.78-90' - equivalent to '*.78-90' 

5. [BRAS] Removed support for DHCP-Dual (moved to next release)
6. [DPI][LOG] Messages about insufficient SSL parsers are written to the slave log not for every event, but at a frequency of 1/50000.

1. [DPI] Added protocols ZALO_CALL(49320) and VK_CALL(49321)
2. [DPI] Fixed blocking in hard mode for SSL
3. [Acct] Added attribute VASExperts-Service-Type. Radius acct start/interim/stop sends the authorization type in the VASExperts-Service-Type attribute.
4. [CLI] Added: stat flow ip6 command to display IPv6 flow statistics
5. [CLI] Added: stat flow ip4 command to display IPv4 flow statistics. Analogous to the output in fastdpi_stat.log.
6. [IPFIX] Fixed ExportTime formation error in IPFIX Fullflow
7. [CLI] Added stat netflow command. Displays general statistics for Netflow/IPFIX (same as in fastdpi_stat.log under the "Statistics on NFLW_export" section)
8. [DNS] Added support for substitution/blocking/dropping of DNS requests A, AAAA, MX, HTTPS
9. [CLI] Added stat firewall command

1. [DPI] Added BIGO_CDN protocol (49324)
2. [DPI] Added UDP support for BIGOTV
3. [PCRF][L2TP] Fixed: NAS attributes for L2TP during authorization
4. [BRAS][L2TP] Fixed: data race when closing sessions
5. [DPDK] Removed deprecated rx channels settings and related checks

You can check the current installed version with the command below

yum info fastdpi

If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:

sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo

and then update as usual.

To install the test version, you should issue the following command:

yum --enablerepo vasexperts-beta update fastdpi

Downgrade to 13.3:

yum downgrade fastdpi-13.3 fastpcrf-13.3 dpiutils-13.3 fastradius-13.3